Firewall Wizards mailing list archives
RE: Worms, Air Gaps and Responsibility
From: Dana Nowell <DanaNowell () cornerstonesoftware com>
Date: Tue, 18 May 2004 09:29:01 -0400
At 11:06 PM 5/17/2004 -0500, Frank Knobbe wrote: [snip]
Perhaps for viruses, but not for worms as these devices tend not to be permanently wired or reachable.
Yup. So imagine a case where you have an internal worm/virus outbreak and you clean up. Next day it is back, you scour your network and clean up everything. Next day it's back, eventually you find some guy syncing his Palm to his desktop or an intermittently connected wireless iPaq is the root cause, chase that one down. As a general case, I'm whining about intermittently connected devices having direct access to the internal network. We talk about all sorts of restrictions on home PC connections, what about the 'next generation' (based on roll-out not technology) wireless devices (bluetooth, WiFi, 802.11)? Assume you have a PDA like device in your pocket and are walking down the street. Guy with an infected phone walks past and BAM, welcome to the nightmare. Is that today, no. Is that within say 5 years, possibly. Show me YOUR plans for firewall protection of bluetooth, wireless USB, and similar connections (yes some stuff is/can be built in by design but buffer overflows and other exploits can be built in by accident;). But hey, that's not real today so no short term pain no short term solution. Eventually I'm pretty sure it will become a short term issue with some level of pain.
Several years ago, the folks from Phenoelit were presenting exploits on Cisco routers and HP printers. I had $20 on a worm that spreads through printers since there are frighteningly many printers directly connected to the Internet (after all, it's just a printer, right? :) Likewise, a worm ripping through Cisco routers gives me the creeps, but luckily these are often setup with a decent or secure enough configurations. (I don't recall there actually being a printer worm.) But what about Cable modems or DSL routers? Any component that is not a computer, or has services open, tends to be ignored/dismissed too quickly. Once we were shown that laser printers can be converted to do thy bidding in the form of password brute forcing and other... uhm... non-paper related tasks. Who would have thought...
I don't connect printers directly to the net so I hadn't thought of that. Cable/DSL modems are an issue but since they're on the outside of my 'router' they are considered 'red zone' devices anyway.
But you are right... It seems I'm dismissing cell phones and PDAs here, and I shouldn't be doing that.
I don't think cell phones are a real big issue now but convergence between cell phones and PDAs with wireless connectivity and a VPN thrown in is a scary concept. As people have said for awhile now the days of Red and Blue zones are over, unfortunately most people lack the skills/intelligence/money/clout to bury the corpse. -- Dana Nowell Cornerstone Software Inc. Voice: 603-595-7480 Fax: 603-882-7313 email: DanaNowell_at_CornerstoneSoftware.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Worms, Air Gaps and Responsibility, (continued)
- RE: Worms, Air Gaps and Responsibility Victor Williams (May 11)
- RE: Worms, Air Gaps and Responsibility Claussen, Ken (May 12)
- RE: Worms, Air Gaps and Responsibility Claussen, Ken (May 12)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 12)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 13)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 13)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 17)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 17)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 17)
- RE: Worms, Air Gaps and Responsibility Frank Knobbe (May 18)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 18)
- Re: Worms, Air Gaps and Responsibility Adam Shostack (May 18)
- Re: Worms, Air Gaps and Responsibility Dana Nowell (May 18)
- Re: Worms, Air Gaps and Responsibility Frank Knobbe (May 18)
- RE: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 18)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 18)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 18)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 18)
- RE: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 18)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 19)
- RE: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 19)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 13)